SAM #36C25726Q0569

Procurement of Indirect Ophthalmoscopes for Central Texas Veterans Healthcare System

The Department of Veterans Affairs, Central Texas Veterans Healthcare System, is seeking to procure five Indirect Ophthalmoscopes for its Ophthalmology department at the Olin E. Teague Medical Center in Temple, Texas. - Government Buyer: - Department of Veterans Affairs - Central Texas Veterans Healthcare System - VISN 17 Network Contracting Office, Olin E. Teague Medical Center - Products Requested: - Five (5) Indirect Ophthalmoscopes - No specific OEMs or brands named - Technical specifications include: - OCULAR EYE LENSES +2D standard - 1000 Lux light output - 3800K LED color temperature - Adjustable illumination mirror - Optics adjustment range - Working distance, pupil size range, PD range - Battery life up to 2 hours - Cleaning requirements, filters, patch diameter, aperture sizes - Temperature and humidity limits - Electrical ratings, photochemical source radiance - Safety classification: Class II Equipment, Type B protection - Notable Requirements: - Equipment must replace end-of-life devices - Compliance with VA information security, privacy, and records management directives - Mandatory training for contractor personnel - Delivery required within 90 days of contract award - Contract is firm fixed price, base purchase only - Place of Performance: - Olin E. Teague Medical Center, Central Texas Veterans Healthcare System, 1901 Veterans Memorial Drive, Temple, Texas 76504

Description

STATEMENT OF WORK Indirect Ophthalmoscope Introduction/Background The Central Texas Veterans Healthcare System, Olin E. Teague Medical Center (VAMC), requires five (5) Indirect Ophthalmoscopes for its Ophthalmology department, located at 1901 Veterans Memorial Drive, Temple, Texas 76504. This equipment is used to visualize the retina, optic nerve, blood vessels, and other structures within the eye, assisting ophthalmologists in diagnosing various eye conditions. They are particularly useful for detecting eye diseases such as glaucoma, macular degeneration, and diabetic retinopathy, and for checking abnormalities in the blood vessels of the eye and examining the vitreous humor. The ophthalmoscope is part of every eye exam. These technologies are essential for guiding treatments and ensuring accurate diagnoses in eye care. VAMC aims to replace its current equipment that has reached its end-of-life. Objectives The primary objective of this contract is to procure state-of-the-art ophthalmic equipment, specifically the replacement of existing Indirect Ophthalmoscope devices that have reached their end-of-life, to ensure the highest quality of eye care for our veterans. This acquisition will be executed through a task order issued to a Service-Disabled Veteran-Owned Small Business (SDVOSB) at a firm fixed price. The contract will be established as a base purchase agreement, without options for extension. Ensuring top-tier ophthalmological diagnostic capabilities, this initiative will support the commitment to providing unparalleled healthcare services to our veterans, maintaining the highest standards in medical technology and care delivery. Scope of Work Vendor shall deliver five (5) units of the following to 1901 Veterans Memorial Drive, Temple, Texas, 76504 within 90 days of contract award date: Technical Requirements: OCULAR EYE LENSES +2D as standard (plano optional) LIGHT OUTPUT 1000 Lux COLOUR TEMPERATURE OF LED 3800K ILLUMINATION MIRROR ADJUSTMENT ABOUT CENTRE AXIS 84mm up, 53 mm down ADJUSTMENT RANGE OF OPTICS +/- 4 degrees WORKING DISTANCE Nominal 440mm PUPIL SIZE 1-10mm PD RANGE 48-76mm BATTERY Up to 2 hours continuous on a single charge CLEANING Wipe with water / isopropyl alcohol solution (70% IPA by volume) FILTERS Cobalt Blue, Red-free, Diffuser PATCH DIAMETER 20mm, 40mm, 60mm APERTURE Large, Intermediate, Small TEMPERATURE LIMITS Operation +10°C to +35°C, Storage -10°C to +55°C, Transport -40°C to +70°C HUMIDITY LIMITS Operation 30% to 75%, Storage 10% to 95%, Transport 10% to 95% Electrical Ratings: INPUT MAINS DATA 100-240V - 50/60Hz, POWER SUPPLY RATING 12V : 2.5amps PHOTOCHEMICAL SOURCE RADIANCE: 1mm aperture (mW cm-2 sr-1) APHAKIC, LA (305-700Nm) 1.32; PHAKIC, LB (380-700Nm) 1.16 Dimensions and Weight: 150 x 230 x 310mm (HxWxD), 596g Classification and Safety Standards: Class II Equipment. Type B protection The C&A requirements do not apply. A security accreditation package is not required. GENERAL This entire section applies to all acquisitions requiring any Information Security and Privacy language. Contractors, contractor personnel, subcontractors, and subcontractor personnel will be subject to the same federal laws, regulations, standards, VA directives, and handbooks, as VA personnel regarding information and information system security and privacy. 1. VA INFORMATION CUSTODIAL LANGUAGE This entire section applies to all acquisitions requiring any Information Security and Privacy language. The Government shall receive unlimited rights to data/intellectual property first produced and delivered in the performance of this contract or order (hereinafter "contract") unless expressly stated otherwise in this contract. This includes all rights to source code and all documentation created in support thereof. The primary clause used to define Government and Contractor data rights is FAR 52.227-14 Rights in Data - General. The primary clause used to define computer software license (not data/intellectual property first produced under this contractor or order) is FAR 52.227-19, Commercial Computer Software License. Information made available to the contractor by VA for the performance or administration of this contract will be used only for the purposes specified in the service agreement, SOW, PWS, PD, and/or contract. The contractor shall not use VA information in any other manner without prior written approval from a VA Contracting Officer (CO). The primary clause used to define Government and Contractor data rights is FAR 52.227-14 Rights in Data - General. VA information will not be co-mingled with any other data on the contractor's information systems or media storage systems. The contractor shall ensure compliance with Federal and VA requirements related to data protection, data encryption, physical data segregation, logical data segregation, classification requirements, and media sanitization. VA reserves the right to conduct scheduled or unscheduled audits, assessments, or investigations of contractor Information Technology (IT) resources to ensure information security is compliant with Federal and VA requirements. The contractor shall provide all necessary access to records (including electronic and documentary materials related to the contracts and subcontracts) and support (including access to contractor and subcontractor staff associated with the contract) to VA, VA's Office Inspector General (OIG), and/or Government Accountability Office (GAO) staff during periodic control assessments, audits, or investigations. The contractor may only use VA information within the terms of the contract and applicable Federal law, regulations, and VA policies. If new Federal information security laws, regulations, or VA policies become applicable after execution of the contract, the parties agree to negotiate contract modification and adjustment necessary to implement the new laws, regulations, and/or policies. The contractor shall not make copies of VA information except as specifically authorized and necessary to perform the terms of the contract. If copies are made for restoration purposes, after the restoration is complete, the copies shall be destroyed in accordance with VA Directive 6500, VA Cybersecurity Program, and VA Information Security Knowledge Service. If a Veterans Health Administration (VHA) contract is terminated for default or cause with a business associate, the related local Business Associate Agreement (BAA) shall also be terminated and actions taken in accordance with VHA Directive 1605.05, Business Associate Agreements. If there is an executed national BAA associated with the contract, VA will determine what actions are appropriate and notify the contractor. The contractor shall store and transmit VA sensitive information in an encrypted form, using VA-approved encryption tools which are, at a minimum, Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules (or its successor) validated and in conformance with VA Information Security Knowledge Service requirements. The contractor shall transmit VA sensitive information using VA approved Transport Layer Security (TLS) configured with FIPS based cipher suites in conformance with NIST 800-52, Guidelines for the Selection, Configuration and Use of Transport Layer Security (TLS) Implementations. The contractor's firewall and web services security controls, as applicable, shall meet or exceed VA's minimum requirements. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor may use and disclose VA information only in two situations: (i) in response to a qualifying order of a court of competent jurisdiction after notification to VA CO, or (ii) with written approval from the VA CO. The contractor shall refer all requests for, demands for production of, or inquiries about, VA information and information systems to the VA CO for response. Notwithstanding the provision above, the contractor shall not release VA records protected by Title 38 U.S.C. § 5705, Confidentiality of medical quality assurance records, and/or Title 38 U.S.C. § 7332, Confidentiality of certain medical records pertaining to drug addiction, sickle cell anemia, alcoholism, or HIV infection. If the contractor is in receipt of a court order or other requests for the above-mentioned information, the contractor shall immediately refer such court order or other requests to the VA CO for response. Information made available to the contractor by VA for the performance or administration of this contract or developed by the contractor in performance or administration of the contract will be protected and secured in accordance with VA Directive 6500 and Identity and Access Management (IAM) Security processes specified in the VA Information Security Knowledge Service. Any data destruction done on behalf of VA by a contractor shall be done in accordance with NARA requirements as outlined in VA Directive 6300, VA Handbook 6300.1, Records Management Procedures, and applicable VA Records Control Schedules. The contractor shall provide its plan for destruction of all VA data in its possession according to VA Directive 6500 and NIST 800-88, Guidelines for Media Sanitization, prior to termination or completion of this contract. If directed by the COR/CO, the contractor shall return all Federal Records to VA for disposition. Any media, such as paper, magnetic tape, magnetic disks, solid-state devices, or optical discs that is used to store, process, or access VA information that cannot be destroyed shall be returned to VA. The contractor shall hold the appropriate material until otherwise directed by the Contracting Officer's Representative (COR) or CO. Items shall be returned securely via VA-approved methods. VA sensitive information must be transmitted utilizing VA-approved encryption tools which are validated under FIPS 140-2 (or its successor) and NIST 800-52. If mailed, the contractor shall send via a trackable method (USPS, UPS, FedEx, etc.) and immediately provide the tracking information to the COR/CO. Self-certification by the contractor that the data destruction requirements above have been met shall be sent to the COR/CO within 30 business days of contract termination. All electronic storage media (hard drives, optical disks, CDs, backup tapes, etc.) used to store, process, or access VA information will not be returned to the contractor at the end of lease, loan, or trade-in. Exceptions to this paragraph will only be granted with the written approval of the VA CO. 2. This section applies when any ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS person requires access to information made available to the contractor by VA for the performance or administration of this contract or information developed by the contractor in performance or administration of the contract. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees and subcontractors only to the extent necessary to perform the services specified in the solicitation or contract. This includes indirect entities, both affiliates of contractor/subcontractor and agents of contractor/subcontractor. Contractors and subcontractors shall sign the VA Information Security Rule of Behavior (ROB) before access is provided to VA information and information systems (see Section 4, Training, below). The ROB contains the minimum user compliance requirements and does not supersede any policies of VA facilities or other agency components which provide higher levels of protection to VA's information or information systems. Users who require privileged access shall complete the VA elevated privilege access request processes before privileged access is granted. All contractors and subcontractors working with VA information are subject to the same security investigative and clearance requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors shall be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office of Human Resources and Administration/Operations, Security and Preparedness (HRA/OSP) is responsible for these policies and procedures. Contract personnel who require access to classified information or information systems shall have an appropriate security clearance. Verification of a Security Clearance shall be processed through the Special Security Officer located in HRA/OSP. Contractors shall conform to all requirements stated in the NISPOM. All contractors and subcontractors shall comply with conditions specified in VAAR 852.204-71(d); Contractor operations required to be in the United States. All contractors and subcontractors working with VA information must be permanently located within a jurisdiction subject to the law of the United States or its Territories to the maximum extent feasible. If services are proposed to be performed abroad, the contractor must state where all non-U.S. services are provided. The contractor shall deliver to VA a detailed plan specifically addressing communications, personnel control, data protection, and potential legal issues. The plan shall be approved by the COR/CO in writing prior to access being granted. The contractor shall notify the COR/CO in writing immediately (no later than 24 hours) after personnel separation or occurrence of other causes. Causes may include the following: Contractor/subcontractor personnel no longer have a need for access to VA information or VA information systems. Contractor/subcontractor personnel are terminated, suspended, or otherwise have their work on a VA project discontinued for any reason. Contract believes their own personnel or subcontractor personnel may pose a threat to their company's working environment or to any company-owned property. This includes contractor-owned assets, buildings, confidential data, customers, employees, networks, systems, trade secrets, and/or VA data. Any previously undisclosed changes to contractor/subcontractor background history are brought to light, including but not limited to changes to background investigation or employee record. Contractor/subcontractor personnel have their authorization to work in the United States revoked. Agreement by which contractor provides products and services to VA has either been fulfilled or terminated, such that VA can cut off electronic and/or physical access for contractor personnel. In such cases of contract fulfillment, termination, or other causes, the contractor shall take the necessary measures to immediately revoke access to VA network, property, information, and information systems (logical and physical) by contractor/subcontractor personnel. These measures include (but are not limited to): removing and then securing Personal Identity Verification (PIV) badges and PIV Interoperable (PIV-I) access badges, VA-issued photo badges, credentials for VA facilities and devices, VA-issued laptops, and authentication tokens. Contractors shall notify the appropriate VA COR/CO immediately to initiate access removal. Contractors/subcontractors who no longer require VA access will return VA-issued property to VA. This property includes (but is not limited to): documents, electronic equipment, keys, and parking passes. PIV and PIV-I access badges shall be returned to the nearest VA PIV Badge Issuance Office. Once they have had access to VA information, information systems, networks, and VA property in their possessions removed, contractors shall notify the appropriate VA COR/CO. 4. TRAINING This entire section applies to all acquisitions which include section 3. All contractors and subcontractors requiring access to VA information and VA information systems shall successfully complete the following before being granted access: VA Privacy and Information Security Awareness and Rules of Behavior course (Talent Management System (TMS) #10176) initially and annually thereafter. Sign and acknowledge (electronically through TMS #10176) understanding of and responsibilities for compliance with the Organizational Rules of Behavior, relating to access to VA information and information systems initially and annually thereafter. Successfully complete any additional cybersecurity or privacy training, as required for VA personnel with equivalent information system or information access [to be defined by the VA program official and provided to the VA CO for inclusion in the solicitation document — i.e., any role-based information security training]. The contractor shall provide to the COR/CO a copy of the training certificates and certification of signing the Organizational Rules of Behavior for each applicable employee within five days of the initiation of the contract and annually thereafter, as required. Failure to complete the mandatory annual training is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the required training is complete. SECURITY INCIDENT INVESTIGATION This entire section applies to all acquisitions requiring any Information Security and Privacy language. The contractor, subcontractor, their employees, or business associates shall immediately (within one hour) report suspected security/privacy incidents to the VA OIT's Enterprise Service Desk (ESD) by calling (855) 673-4357 (TTY: 711). The ESD is OIT's 24/7/365 single point of contact for IT-related issues. After reporting to the ESD, the contractor, subcontractor, their employees, or business associates shall, within one hour, provide the incident number received from the ESD to the COR/CO. To the extent known, the contractor/subcontractor's notice to VA shall identify the involved information and circumstances, including: The date and time (or approximation) of the Security Incident. The names of individuals involved (when applicable). The physical and logical (if applicable) location of the incident. The reason for the Security Incident (catalyst for failure). The amount of VA data believed to be compromised. The remediation measures being taken to prevent future incidents. After providing the initial incident summary, the contractor shall continue to provide written updates on any new circumstances or facts. The contractor, subcontractor, and their employees shall cooperate fully with VA or third-party risk analysis teams. Failure to cooperate may be deemed a material breach and grounds for contract termination. VA IT contractors shall follow VA Handbook 6500, Risk Management Framework for VA Information Systems, and VA Information Security Knowledge Service guidance for implementing an Incident Response Plan or integrating with an existing VA system. In cases of theft, break-in, or criminal activity, the contractor/subcontractor must report the incident to law enforcement, VA OIG, and VA Security and Law Enforcement. The contractor shall cooperate with VA and law enforcement during investigations and legal proceedings. The contractor shall comply with VA Handbook 6500.2, Management of Breaches Involving Sensitive Personal Information, which establishes breach management policies and responsibilities. For unsecured Protected Health Information (PHI), the contractor is deemed to have discovered a breach when they knew or should have known of it. Notification to the covered entity (VHA) shall be made per the executed Business Associate Agreement (BAA). If the contractor or agents fail to protect VA sensitive personal information, they shall pay damages as specified in clause 852.211-76, Liquidated Damages for Data Breach Costs. Records Management Contractor shall comply with all applicable records management laws and regulations, including NARA policies, the Federal Records Act, and related policies for safeguarding records covered by the Privacy Act of 1974. All data created for government use and delivered to or under the control of the government are federal records subject to disposition only as permitted by law. Contractor shall maintain all records created for government use or created during performance of the contract, managed in accordance with federal law. Electronic records must include sufficient technical documentation. Records may not be removed or destroyed except as authorized, and unlawful destruction is subject to penalties. The contractor must report any unauthorized disclosures or disclosures of non-public information immediately to the appropriate Contracting Officer and ensure proper safeguards are in place. When information, data, or records are no longer needed, they shall be returned or securely disposed of according to VA policies. Destruction of records must be approved and in accordance with NARA and VA directives. Media used to store VA information that cannot be destroyed shall be returned to VA, with proper encryption and tracking. Electronic media used to store VA information shall not be returned at the end of lease or trade-in unless approved. Access to VA Information and Systems Persons requiring access shall request only the necessary logical or physical access. They must sign the VA Information Security Rule of Behavior and, if applicable, complete additional security training. Background investigations and security clearances shall be in accordance with VA policies. Contractors shall comply with conditions for operations within the U.S. or its territories and notify VA of personnel changes or security concerns promptly. Training All contractor employees with access shall complete required training, including VA Privacy and Information Security Awareness, Rules of Behavior, and any additional role-based security training. Certificates shall be provided to the COR/CO within five days of contract start and annually thereafter. Failure to complete training may result in suspension or termination of access. Security Incident Investigation Suspected incidents must be reported immediately to VA OIT's ESD. The contractor shall provide incident details and cooperate fully with VA investigations. In case of criminal activity, law enforcement shall be notified, and cooperation with investigations is required. The contractor shall follow VA breach management policies and notify VA of any breaches involving sensitive information. Data breach damages shall be paid as specified in the contract.

View original listing